Merge "Add disable_firewall variable"

Zuul 2021-09-20 19:57:38 +00:00 committed by Gerrit Code Review
commit cdaa0dbe24
4 changed files with 39 additions and 26 deletions


@ -32,6 +32,9 @@ change_selinux: True
selinux_state: "permissive" selinux_state: "permissive"
# If true, the host firewall service (firewalld or ufw) will be disabled.
disable_firewall: True
docker_storage_driver: "" docker_storage_driver: ""
docker_custom_option: "" docker_custom_option: ""
docker_custom_config: {} docker_custom_config: {}
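Review bot: The comment added above `disable_firewall` understates what the flag controls. In the task file changed by this commit, the Debian path also sets the ufw default policy to `allow`, as well as disabling the service. Because the default stays `True`, hosts end up with no host-level filtering unless the operator opts out, and that should be stated where the variable is defined. Suggested wording: `# If true, firewalld is stopped and disabled (Red Hat) and ufw is disabled with its default policy set to allow (Debian). Set to false to leave the host firewall untouched.`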


@ -6,34 +6,36 @@
when: ansible_facts.os_family == 'Debian' when: ansible_facts.os_family == 'Debian'
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors # TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
- name: Set firewall default policy - block:
become: True - name: Set firewall default policy
ufw: become: True
state: disabled ufw:
policy: allow state: disabled
when: ansible_facts.os_family == 'Debian' policy: allow
ignore_errors: yes when: ansible_facts.os_family == 'Debian'
ignore_errors: yes
- name: Check if firewalld is installed - name: Check if firewalld is installed
command: rpm -q firewalld command: rpm -q firewalld
register: firewalld_check register: firewalld_check
changed_when: false changed_when: false
failed_when: firewalld_check.rc > 1 failed_when: firewalld_check.rc > 1
args: args:
warn: false warn: false
when: ansible_facts.os_family == 'RedHat' when: ansible_facts.os_family == 'RedHat'
- name: Disable firewalld - name: Disable firewalld
become: True become: True
service: service:
name: "{{ item }}" name: "{{ item }}"
enabled: false enabled: false
state: stopped state: stopped
with_items: with_items:
- firewalld - firewalld
when: when:
- ansible_facts.os_family == 'RedHat' - ansible_facts.os_family == 'RedHat'
- firewalld_check.rc == 0 - firewalld_check.rc == 0
when: disable_firewall | bool
# Upgrading docker engine may cause containers to stop. Take a snapshot of the # Upgrading docker engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Docker. # running containers prior to a potential upgrade of Docker.
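Review bot: `ignore_errors: yes` on "Set firewall default policy" is carried into the new block unchanged. With `disable_firewall` true, a real failure to change ufw is still swallowed and the run continues with the host firewall in an unknown state. The TODO above the block already asks for an existence check. One way, mirroring the `firewalld_check` pattern in the same block, is to register a package query, gate the ufw task on it, and drop `ignore_errors`. The `dpkg-query` call in the sketch is a suggestion and should be confirmed against the gate images before use.

```yaml
- block:
    - name: Check if ufw is installed
      command: dpkg-query -W ufw
      register: ufw_check
      changed_when: false
      failed_when: ufw_check.rc > 1
      when: ansible_facts.os_family == 'Debian'

    - name: Set firewall default policy
      # … unchanged: become and ufw module arguments …
      when:
        - ansible_facts.os_family == 'Debian'
        - ufw_check.rc == 0

    # … unchanged: firewalld check and "Disable firewalld" tasks …
  when: disable_firewall | bool
```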


@ -207,6 +207,8 @@ will be added to allow all traffic.
On Red Hat family systems where firewalld is installed, it will be disabled. On Red Hat family systems where firewalld is installed, it will be disabled.
This behaviour can be avoided by setting ``disable_firewall`` to ``false``.
Creation of Python virtual environment Creation of Python virtual environment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


@ -0,0 +1,6 @@
---
features:
- |
Adds a new variable, ``disable_firewall``, which defaults to ``true``. If
set to ``false``, then the host firewall will not be disabled during
``kolla-ansible bootstrap-servers``.